
3656 matches found

Positive Technologies
added 2025/04/18 12:0 a.m. · 3 views

PT-2025-17320 · Alkacon · Alkacon Opencms

Name of the Vulnerable Software and Affected Versions: Alkacon OpenCMS version 17.0 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...

CVSS 5.4 · AI score 5 · EPSS 0.00211
Exploits 3 · References 10

NVD
added 2025/04/17 6:15 p.m. · 34 views

CVE-2025-28101

An arbitrary file deletion vulnerability in the /post/postTitle component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request...

CVSS 6.5 · EPSS 0.00188
Exploits 1 · References 2

Positive Technologies
added 2025/04/17 12:0 a.m. · 3 views

PT-2025-17223 · Flaskblog · Flaskblog

Name of the Vulnerable Software and Affected Versions: flaskBlog version 2.6.1 Description: The issue allows attackers to delete article titles created by other users by supplying a crafted POST request to the "/post/postTitle" component. Recommendations: For flaskBlog version 2.6.1, consider...

CVSS 6.5 · AI score 6.3 · EPSS 0.00188
Exploits 1 · References 7

CVE
added 2025/04/17 12:0 a.m. · 58 views

CVE-2025-28101

CVE-2025-28101 affects flaskBlog v2.6.1, where the /post/{postTitle} endpoint allows arbitrary file deletion by crafting a POST request, enabling deletion of article titles created by other users. Documented details confirm the vulnerable component and impact (I/A low, C=none) with CVSSv3.1 score...

CVSS 6.5 · AI score 6.6 · EPSS 0.00188
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2025/04/17 12:0 a.m. · 25 views

CVE-2025-28101

An arbitrary file deletion vulnerability in the /post/postTitle component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request...

EPSS 0.00188
Exploits 1 · References 2

Vulnrichment
added 2025/04/17 12:0 a.m. · 7 views

CVE-2025-28101

An arbitrary file deletion vulnerability in the /post/postTitle component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request...

AI score 6.8 · EPSS 0.00188
Exploits 1 · References 2

Packet Storm
added 2025/04/15 12:0 a.m. · 193 views

📄 OpenCMS 17.0 Cross Site Scripting

OpenCMS version 17.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: OpenCMS 17.0 - Stored Cross Site Scripting XSS Date: 24-11-2024 Exploit Author: Siddhartha Naik Vendor Homepage: http://www.opencms.org/en/ Software Link:...

CVSS 5.4 · AI score 6.2 · EPSS 0.00211
Exploits 3

Microsoft Security Update
added 2025/04/08 5:0 p.m. · 12 views

2025-04 Dynamic Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5055518)

ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...

AI score 7.2
Exploits 0

Microsoft Security Update
added 2025/04/08 5:0 p.m. · 29 views

2025-04 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5055521)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

AI score 7.2
Exploits 0

Microsoft Security Update
added 2025/04/08 5:0 p.m. · 54 views

2025-04 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5055526)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...

AI score 7.1
Exploits 0

Microsoft Security Update
added 2025/04/08 5:0 p.m. · 130 views

2025-04 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5055521)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

AI score 7.2
Exploits 0

RedhatCVE
added 2025/04/07 12:20 a.m. · 19 views

CVE-2025-32360

In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information...

CVSS 8.1 · AI score 6.5 · EPSS 0.00198
Exploits 0 · References 1

Positive Technologies
added 2025/04/07 12:0 a.m. · 4 views

PT-2025-15278 · Typecho · Typecho

Name of the Vulnerable Software and Affected Versions: Typecho version 1.2.1 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under a comment for an Article. Recommendations: For Typecho...

CVSS 5.4 · AI score 6.1 · EPSS 0.00209
Exploits 1 · References 8

NVD
added 2025/04/05 9:15 p.m. · 20 views

CVE-2025-32360

In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information...

CVSS 8.1 · EPSS 0.00198
Exploits 0 · References 1

CVE
added 2025/04/05 12:0 a.m. · 108 views

CVE-2025-32360

CVE-2025-32360 affects Zammad 6.4.x before 6.4.2, with information exposure allowing a logged-in customer to view details of shared article drafts for their tickets in the browser console and to manipulate them via the API. Root cause: exposure of draft details intended only for agents. Impact: p...

CVSS 8.1 · AI score 6.5 · EPSS 0.00198
Exploits 0 · References 1 · Affected Software 1

OSV
added 2025/04/03 2:12 p.m. · 5 views

BIT-JOOMLA-2021-26027 [20210307] - Core - ACL violation within com_content frontend editing

An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article...

CVSS 5.3 · AI score 5.5 · EPSS 0.0108
Exploits 0 · References 2

RedhatCVE
added 2025/04/02 5:34 a.m. · 9 views

CVE-2025-2978

A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?=container=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to unrestricted upload. The...

CVSS 6.5 · AI score 7 · EPSS 0.00458
Exploits 1 · References 1

Positive Technologies
added 2025/04/01 12:0 a.m. · 4 views

PT-2025-14254 · Unknown · Upc/Ean/Gtin Code Generator

Name of the Vulnerable Software and Affected Versions: UPC/EAN/GTIN Code Generator versions through 2.0.2 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions throug...

CVSS 5.4 · AI score 9.5 · EPSS 0.00221
Exploits 0 · References 4

OSV
added 2025/03/31 6:15 a.m. · 2 views

CVE-2025-2978

A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to...

CVSS 9.8 · AI score 5.4 · EPSS 0.00458
Exploits 1 · References 4

NVD
added 2025/03/31 6:15 a.m. · 23 views

CVE-2025-2978

A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to...

CVSS 9.8 · EPSS 0.00458
Exploits 1 · References 4